By Jedidiah Bracy, CIPP

The government of the Cayman Islands is currently reviewing draft legislation that, if passed, would institute a robust data protection framework. The draft legislation comes four years after the Cayman Islands enacted the Freedom of Information (FOI) Law and will soon be available for public comment.

Sponsored by Cayman Island Attorney General Samuel Bulgin, the Cayman Island Data Protection Law (DPL) proposal has been drafted by the Data Protection Working Group (DPWG)—a group of public- and private-sector representatives—and submitted to the Cayman Islands Cabinet for review.

The DPL “is modeled after the EU Data Protection Directive (95/46/EC) and on the UK’s Data Protection Act 1998,” says Deputy Information Commissioner Jan Liebaers. “It is structured more concisely than its predecessors, with consecutive parts dealing with principles, rights of data subjects, notification responsibilities of data controllers, exemptions, functions of the information commissioner and enforcement.”

The draft contains many of the same components that make up the European framework, yet, Liebaers also points out that because changes to the EU Data Protection Directive are imminent and the European Commission has voiced criticism of the UK Data Protection Act for non-compliance, “it was necessary to progressively modify the source legislation in significant ways after a careful analysis of the available literature on the subject.”

According to Liebaers, the analysis “has resulted in what we consider significant improvements” in several areas. The proposal has more “robust basic definitions” for concepts like personal data, sensitive personal data and consent. It would also extend “basic rights” to data subjects; implement data breach notification requirements for data controllers; create “clearer and more extended enforcement powers” for the information commissioner, and provide “generally, a more concise and logical structure.”

Additionally, the proposal would place the DPL under the “auspices of the existing freedom of information commissioner. “As deputy information commissioner,” notes Liebaers, “I will likely play a central role in the planning and implementation of the new law and in the enforcement once it comes into effect.”

Liebaers says the driving force behind the draft bill is to gain adequacy status from the European Commission. Attaining adequacy, he says, would not only allow more fluid data flows, but also “strengthen links between businesses in the Caymans and the EU as well as multinationals which do business in the Cayman Islands.” Fluid, strengthened links would make it “easier for EU businesses to outsource certain operations involving personal data to the Cayman Islands.”

As a major financial center, the Cayman Islands has become a destination for multinationals over the years. Liebaers did not say if there are any special financial provisions in the draft bill.

“At an earlier stage of this project,” he says, “we did a mini-consultation with various business and financial associations to seek their input. However, at that time, the response was somewhat muted.”

Liebaers is hopeful that once the draft is presented for public consultation, “all the parties concerned, including the financial industry, will take another look and formulate any concerns or observations they may have.”

Since Liebaers played a similar role in the planning and implementation of the FOI Law in 2007, he says he is interested to see the similarities and differences with the new proposed data protection legislation.

“Although the DPL will encompass both the public and private sectors, and budgets are a lot tighter these days,” says Liebaers, “in contrast to 2007 when the Information Commissioner’s Office did not yet exist, we should now be in a better position to embark on this new venture.”   


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»